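As business operations grow more complex and organizations grow larger, the vast majority of enterprises rely on computerized information systems to manage their large volumes of corporate data, in order to simplify operating procedures, improve efficiency and strengthen management functions. Continuous advances in information technology have raised the competitiveness of enterprises, and related information application tools keep being renewed. Because the information held in computer systems must be kept secure, information security has become an issue of growing importance.

This study takes a case-study approach. The 127 control items under the ten control areas of BS7799 information security management were put, in questionnaire form, to the case company's MIS manager, MIS staff, audit manager, auditors and administration department manager. The primary data obtained were tested with statistical methods to learn the case company's views on and understanding of the 127 BS7799 control items. In addition, questions designed from DS5, M2 and M4 of the Control Objectives for Information and related Technology (COBIT) were used to interview the case company's executive management, MIS manager and audit manager, in order to understand the company's views on and understanding of information security and computer auditing from the COBIT perspective.

The results show that using BS7799 information security management and the COBIT control objectives together to understand the company's internal audit of information security is feasible, and that the two make up for each other's shortcomings. The establishment of information security management systems is gradually gaining momentum domestically, and it is hoped that the results of this study can serve as a reference for enterprises establishing an information security management system.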
Today, most enterprises rely on information systems to process their enormous volumes of data. With sophisticated information systems, these firms can simplify their business processes, raise their efficiency and help their managers cope with disorderly general affairs. As information technology continues to advance, the computer has become a necessary tool, like the stick for blind people. As a result, many companies are joining this emerging market. On the other hand, since most companies use information systems to assist their work, those systems have become a main target, like honey for bees, for people trying to hack into enterprise computer systems and steal information that may be priceless. Therefore, information system security has become, like SARS, the main issue for firms that rely heavily on information systems. Because information system security has become the main concern, in this case study I use a live survey to examine how MIS department managers, engineers and internal auditors implement BS7799 in their field. From the data collected in the live survey and from statistical analysis, I gathered the views of the case companies on the 127 control items of BS7799. In addition, using DS5, M2 and M4 of the Control Objectives for Information and related Technology (COBIT), I interviewed all the MIS department managers, engineers and auditors to learn the opinions of those companies on information security and computer auditing. As a result, I found through BS7799 and COBIT that the assessment can proceed once those companies have been run through both BS7799 and COBIT. They are practicable, complementary and valuable.
Information security management systems are a current and popular topic in Taiwan, and I hope this study can provide some reference for enterprises in Taiwan that are going to build their information security systems.